Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
624
Views
0
Helpful
8
Replies

Secure Client NAM prompt for credentials

peter.matuska1
Level 1
Level 1

‎04-08-2024 06:38 AM

Hi,

we have implemented EAP-FAST with machine (eap-tls) and user authentication (MSCHAP). Secure client 5.0.05040. Everything works fine but one user is reporting that sometimes when he logs in, the secure client shows him error: An authentication error occurred for network. Please try again. If the issue persists, contact your administrator. When he selects the network in secure client, secure client, he is prompted him to enter username and password. After that the network starts working. ISE logs doesnt show any problem with 802.1x. The authentication ends up in the MAB as expected when 802.1x is not responding. Switch shows log: No response from client.

Has anyone had this issue before?

thank you

2 people had this problem
0 Helpful
8 Replies 8

ahollifield
VIP
VIP

‎04-08-2024 09:05 AM

Are you using PEAP as an inner method?  Any reason not to move to TEAP?

0 Helpful

peter.matuska1
Level 1
Level 1

‎04-08-2024 12:33 PM

we are using EAP-FAST and mschap for user auth and eap-tls for machine auth. 

And I have better experience with anyconnect nam than with native supplicant.

0 Helpful

ahollifield
VIP
VIP
In response to peter.matuska1

‎04-08-2024 12:54 PM

What’s the use case for counting to use PEAP? Why not EAP-TLS? What version of AnyConnect? What version of Windows?
0 Helpful

peter.matuska1
Level 1
Level 1
In response to ahollifield

‎04-08-2024 10:29 PM

We use MSCHAP fo ruser authentication because of issues with user's certificate distribution, logging of users who are not in AD and thus doesnt have certificate.

The issue is with Secure client 5.0.05040 on Win 10.

thank you

0 Helpful

ahollifield
VIP
VIP
In response to peter.matuska1

‎04-09-2024 04:56 AM

Credential Guard was the first thing that came to my mind.  I would highly suggest looking at certificate authentication instead.  I would also consider an upgrade to Secure Client 5.1 as well.

0 Helpful

peter.matuska1
Level 1
Level 1

‎04-09-2024 05:00 AM

credential guard is disabled. 5.1 didnt work in their network.

0 Helpful

ahollifield
VIP
VIP
In response to peter.matuska1

‎04-09-2024 05:27 AM

Why? What happened with 5.1?
0 Helpful

azurcher5516
Level 1
Level 1

‎09-26-2024 05:45 PM

We are experiencing this as well. We have updated all of our users to Cisco Secure Client v 5.1 and very small amount of users (3) have reported this. It happens to some more often than others. Any find a root cause? 

0 Helpful
Customers Also Viewed These Support Documents